ASSISTANT SECRETARY OF DEFENSE

WASHINGTON, D.C. [illegible]

COMMAND, CONTROL,
COMMUNICATIONS
AND
INTELLIGENCE


MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS
CHAIRMAN, JOINT CHIEFS OF STAFF
DIRECTORS OF DEFENSE AGENCIES


SUBJECT: Automated Message Processing 


In a 1 February 1979 memorandum, ASD(C3I) promulgated the
DoD plan for automated message handling systems. [illegible]
to DCA to develop an Integrated AUTODIN System Architecture (IASA)
and to develop the Inter-Service/Agency AMPE (I-S/A AMPE). The plan
further tasked DIA to provide a communication support processor
(CSP) to meet near term service/agency special security office
automation needs. In a 9 June 1980 memorandum, ASD(C3I) approved
the IASA Report (Part 2) which included specific implementation
details and scope for I-S/A AMPE. In the approval memorandum all
near-term implementations of new or upgraded AMPE sites were
subject to review and approval by ASD(C3I). Proposed procurements
of all non-AMPE telecommunications terminals which interface the
DCS or interconnect via the AUTODIN backbone were also subject to
review and approval by ASD(C3I) after being submitted through DCA.

The major near-term communications systems which will be
transitioned to I-S/A AMPE and which are subject to the
provisions of the 9 June 1980 memorandum include: Automated
Multi-Media Exchange (AMME); Local Digital Message Exchange
[illegible] basis.

Request the Director, DCA, in conjunction with the Air Force
as the Lead Military Department, and the responsible Service or
Agency, insure that each of the above systems is reviewed
promptly for inclusion in the planning and [illegible]
transition to I-S/A. This review, especially of the CSP,
should examine the current costs and functionality of the system
in comparison to the projected costs and functionality of I-S/A
AMPE.
THE SECRETARY OF DEFENSE

WASHINGTON, THE DISTRICT OF COLUMBIA

28 JAN 1985


MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS
CHAIRMAN OF THE JOINT CHIEFS OF STAFF
UNDER SECRETARIES OF DEFENSE
ASSISTANT SECRETARIES OF DEFENSE
GENERAL COUNSEL
INSPECTOR GENERAL
ASSISTANTS TO THE SECRETARY OF DEFENSE
DIRECTORS OF THE DEFENSE AGENCIES


SUBJECT: Automated Information Systems Security


[illegible]


(a) The USD(P) will:

(1) in collaboration with the Computer Security Evaluation Center
prepare a revised DODD 5200.28 which will expand the scope
of the present directive to all computer-driven
[illegible] systems and which will provide expanded policy
guidance on mandatory statements of computer security
requirements for all ADP procurements and the use of computer
security guidelines and standards.

(2) upon issuance of the Trusted Computer System Evaluation
Criteria, revise DODD 5200.28 and 5100.55 to encourage system
US networks that interoperate with the systems of
our allies to ensure that all components are evaluated by a
common security criteria.

(b) The DIRNSA will:

(1) establish an ad hoc working group to develop a common set of
[illegible]

(2) develop a Computer Security Vulnerability Reporting Program.


The Director of Central Intelligence



NFIC-9.11/1 
22 January 1985 

MEMORANDUM FOR: See Distribution 

SUBJECT: Reports on Computer Security for SCI-Handling Systems 


1. The DCI's Computer Security (COMPUSEC) Project began in April 1963 and
is intended to support the DCI in assessing the security of automated systems
processing information derived from sensitive methods and sources, to identify
the threats to automated systems processing such materials, and to recommend
actions for the DCI that will allow him to attest to the acceptability of
operating risks.

2. As part of the DCI's COMPUSEC Project, the COMPUSEC Project Team
developed an assessment on the threat to US automated Intelligence Community
systems (See Attachment 1). Representatives from the NFIC Community have
provided input to this document. This formulation of the "threat" is being
used in conjunction with security assessments of the Intelligence Community's
"critical" automated SCI systems to set program and budget priorities for
immediate security upgrades. This threat point paper also serves to fulfill
one of the DCI's continuing distinctive responsibilities.

3. The SAFEGUARDS document (Attachment 2) identifies security
requirements for the protection of SCI information in the "critical" systems
evaluated as part of the DCI's Computer Security (COMPUSEC) Project. When
fully implemented in the "critical" systems, the SAFEGUARDS will correct the
security shortfalls and reduce to an acceptable level the risks currently
associated with processing this sensitive information in the "critical"
systems. I intend to direct that the SAFEGUARDS be imposed as mandatory
standards for the 13 "critical" SCI-handling systems by the end of FY 86.
These SAFEGUARDS will also be imposed as voluntary standards for other
SCI-handling systems.


4. In June 1984, an Interagency Computer Security Technology Panel was
established to assess the application of computer security technologies
against known operational deficiencies within Intelligence Community computer
systems. The panel focused on what could be done, in the near term, with
existing computer security technology and administrative/management actions to
provide security upgrades for our "critical" systems. Specific emphasis was
given to three areas of computer security vulnerability: authentication of
users; accountability of operating actions; and labeling of SCI information.
The findings and recommendations of the Technology Panel are provided to you
for your use and comment (See Attachment 3). When these action-oriented
recommendations are arrayed against the identified "critical" systems and the
threat against them, it will lead to a plan for significant improvement in
Community COMPUSEC. I intend to pursue these recommendations, in coordination
with other computer security initiatives, to strengthen the protection of SCI
material in computer-based systems.

WARNING NOTICE
INTELLIGENCE SOURCES
OR METHODS INVOLVED

5. These documents are also being provided to the appropriate officials
with responsibilities assigned by NSDD/145.


Attachments:

2) Computer Security Technology Assessment Report

3) Uniform SAFEGUARDS for Protection of "Critical
Systems" Processing Intelligence Information


Distribution: 

Copy 1 - DCI (William J. Casey)
2 - SecDef (Caspar W. Weinberger)
3 - DDCI (John N. McMahon)
4 - EXDIR/CIA (Jim Taylor)
5 - ASD(C3I) (Don Latham)
6 - D/INR (Hugh Montgomery)
7 - D/DIA (LtGen James A. Williams, USA)
8 - D/NSA (LtGen Lincoln D. Faurer, USAF)
9 - D/DNI (Rear Admiral John Butts, USN)
10 - Assistant Director, Intel. Div., FBI (Edward J. O'Malley)
11 - DOE/DAS, Intelligence (Charles Boykin)
12 - Treasury (Douglas Mulholland)
13 - Air Force, Under Secretary (Edward C. Aldridge, Jr.)
14 - Army/ACSI (LtGen William E. Odom, USA)
15 - Air Force/ACSI (MajGen James C. Pfautz, USAF)
16 - USMC/OI (BG Lloyd W. Smith, USMC)
17 - NSC (Ken deGraffenreid)
18 - National Security Advisor (Robert McFarlane)
19 - DUSD/P (Gen. Richard G. Stilwell, USA Ret.)
20 - Justice Dept (Mary C. Lawton)
21 - DOC (Irving P. Margulies)
22 - Chm/IPC/CIA (Richard Kerr)

- OS/C/ISSG (w/att 2 only— 3 copies)
- DIA/RSE (w/att 2 only— 15 copies)
- State (Lynn McNulty) (w/att 2 only— 2 copies)
- OSD (Gene Epperly) (w/att 2 only— 3 copies)
- SECOM (w/att 2 only— 5 copies)
- [illegible] (w/att 2 only— 5 copies)
UNIFORM SAFEGUARDS FOR
PROTECTION OF "CRITICAL SYSTEMS"
PROCESSING INTELLIGENCE INFORMATION
December 1984

* * *


Supplement to:

"Security Policy on Intelligence
Information in Automated Systems and Networks"

DCID 1/16
dated 4 January 1983
UNCLASSIFIED


FOREWORD 


The Deputy Director of Central Intelligence (DDCI) directed that security
SAFEGUARDS be developed to reduce the vulnerabilities associated with
processing information derived from sensitive methods and sources in
"critical" automated systems and networks. These "critical" systems were
identified by the senior members of the Intelligence community and uniform
assessments of the security of these systems were made using an early draft of
these SAFEGUARDS. These SAFEGUARDS identify security requirements which,
when satisfied, will significantly reduce the vulnerabilities identified in
the assessments of the critical systems. These SAFEGUARD requirements are
intended as a transitional step for the Intelligence Community to reduce
security risks that are inherent in existing critical systems. The
Intelligence Community will use the trusted security products and services of
the DoD Computer Security Center as soon as such products and services are
developed and are available to be incorporated into the Community's inventory
of automated systems. These SAFEGUARDS reflect DCI requirements for reducing
near term risks until trusted systems are available and therefore are intended
to complement the DoD Computer Security Evaluation Criteria. The SAFEGUARDS
are mandatory for all critical systems and voluntary for all other systems
processing information derived from sensitive methods and sources. (U)




IX. GLOSSARY


ACCESS. A specific type of interaction between a subject and an object that
results in the flow of information from one to the other.

AUTHENTICATION. A positive identification, with a degree of certainty
sufficient for permitting certain rights or privileges to the person or thing
positively identified.

COMPARTMENTED MODE. See Section VI.

"CRITICAL SYSTEM." For this document, a "critical system" is a computer
system processing and/or storing intelligence information that has been
selected by senior officials in the National Security Community.

DATAGRAM. A datagram is an Internet protocol packet; the packet is made up of
a header and trailer. For the purpose of this document the datagram is the
equivalent "packet" of data as defined by the network being utilized.

DCI. Director of Central Intelligence.

DCID. Director of Central Intelligence Directive.

DDCI. Deputy Director of Central Intelligence.

DEDICATED MODE. See Section IV.

ESCORT. Duly designated personnel who have appropriate clearances and access
approvals for the material contained in the ADP system and are sufficiently
knowledgeable to understand the security implications and to control the
activities and access of the individual being escorted.

ISSO. Information System Security Officer.

INTELLIGENCE INFORMATION. For purposes of this policy statement, intelligence
information means foreign intelligence, and foreign counterintelligence
involving sensitive intelligence sources and methods, that has been classified
pursuant to Executive Order 12356 (or successor order). "Foreign
intelligence" and "counterintelligence" have meanings assigned them in
Executive Order 12333. "Intelligence," as used herein, also includes
Sensitive Compartmented Information (SCI) as defined in the DCI Security
Policy Manual for SCI Control Systems, effective 28 June 1962.

LOW WATER MARK. Of two or more security levels, the least of the hierarchical
classifications, and the set intersection of the nonhierarchical categories.

MULTILEVEL MODE. See Section VII.

NFIB. National Foreign Intelligence Board.


OBJECT. A passive entity that contains or receives information. Access to an
object potentially implies access to information it contains. Examples of
objects are: records, blocks, pages, segments, files, directories, directory
trees, and programs, as well as bytes, words, fields, processors, video
displays, keyboards, and clocks, printers, network nodes, etc.

SBI. Special Background Investigation.

SENSITIVE COMPARTMENTED INFORMATION (SCI). All information and materials
requiring special Community controls indicating restricted handling within
present and future Community intelligence collection programs and their end
products. These special Community controls are formal systems of restricted
access established to protect the sensitive aspects of sources and methods and
analytical procedures of foreign intelligence programs. The term does not
include Restricted Data as defined in Section II, Public Law 585, Atomic
Energy Act of 1954, as amended.

SENSITIVITY LABEL. A piece of information that represents the security level
of an object and that describes the sensitivity (e.g. classification) of the
data in the object.

SESSION. An activity for a period of time; the activity is access to a
computer/network resource by a user; a period of time is bounded by session
initiation (a form of logon) and session termination (a form of logoff).

SESSION SECURITY LEVEL. The security level of a session is the low water mark
of the security levels of: the user, the terminal, a level specified by the
user, and the system from which the session originates.

STORAGE OBJECT. An object that supports both read and write accesses.

SUBJECT. An active entity, generally in the form of a person, process, or
device that causes information to flow among objects or changes the system
state.

SUBJECT SECURITY LEVEL. A subject's security level is equal to the security
level of the objects to which it has either read only or both read and write
access. A subject's security level must always be dominated by the session
security level.

SYSTEM HIGH MODE. See Section V.

TRUSTED. Employing sufficient integrity measures to allow its use for
processing intelligence information involving sensitive sources and methods.

USER. A user is an individual and/or processes operating on his or her behalf. 
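
The LOW WATER MARK, SESSION SECURITY LEVEL and SUBJECT SECURITY LEVEL entries above together describe a computation over security levels. The Python below is an added example, not part of the SAFEGUARDS document, that carries it out. The classification ordering, the TCSEC-style meaning of "dominated" and the category names ALPHA, BRAVO and CHARLIE are assumptions, since the glossary defines none of them.

```python
from dataclasses import dataclass
from functools import reduce

# Assumed ordering, lowest to highest; the glossary does not enumerate it.
HIERARCHY = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")

@dataclass(frozen=True)
class SecurityLevel:
    classification: str                  # hierarchical component
    categories: frozenset = frozenset()  # nonhierarchical component

    def __post_init__(self):
        if self.classification not in HIERARCHY:
            raise ValueError(f"unknown classification: {self.classification!r}")
        # Accept any iterable of category names, store it immutably.
        object.__setattr__(self, "categories", frozenset(self.categories))

    @property
    def rank(self):
        return HIERARCHY.index(self.classification)

    def dominates(self, other):
        """Assumed TCSEC-style rule: rank >= and categories are a superset."""
        return self.rank >= other.rank and self.categories >= other.categories

def low_water_mark(*levels):
    """Least hierarchical classification, intersection of the categories."""
    if not levels:
        raise ValueError("at least one security level is required")
    lowest = min(levels, key=lambda lv: lv.rank)
    shared = reduce(frozenset.intersection, (lv.categories for lv in levels))
    return SecurityLevel(lowest.classification, shared)

def session_security_level(user, terminal, requested, origin_system):
    """Low water mark of the four levels the glossary entry names."""
    return low_water_mark(user, terminal, requested, origin_system)

def subject_level_permitted(subject, session):
    """A subject's level must always be dominated by the session level."""
    return session.dominates(subject)

# Constructed sample; ALPHA, BRAVO and CHARLIE are made-up category names.
USER = SecurityLevel("TOP SECRET", {"ALPHA", "BRAVO"})
TERMINAL = SecurityLevel("SECRET", {"ALPHA", "BRAVO", "CHARLIE"})
REQUESTED = SecurityLevel("TOP SECRET", {"ALPHA"})
ORIGIN = SecurityLevel("TOP SECRET", {"ALPHA", "CHARLIE"})
SESSION = session_security_level(USER, TERMINAL, REQUESTED, ORIGIN)
```

In the sample the session comes out at SECRET with only ALPHA, so a CONFIDENTIAL subject with no categories is admitted while one labelled SECRET with BRAVO is refused, because BRAVO did not survive the intersection.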